newbie_guide
Differences
This shows you the differences between two versions of the page.
newbie_guide [2009/08/14 18:35] – use dokuwiki internal links mister_x | newbie_guide [2010/11/21 00:05] – typos sleek | ||
---|---|---|---|
Line 15: | Line 15: | ||
Needless to say, you need a wireless card which is compatible with the aircrack-ng suite. | Needless to say, you need a wireless card which is compatible with the aircrack-ng suite. | ||
- | To determine to which category your card belongs to, see [[compatibility_drivers|hardware compatibility page]]. Read [[compatible_cards|Tutorial: | + | To determine to which category your card belongs to, see [[compatibility_drivers|hardware compatibility page]]. Read [[compatible_cards|Tutorial: |
First, you need to know which chipset is used in your wireless card and which driver you need for it. You will have determined this using the information in the previous paragraph. | First, you need to know which chipset is used in your wireless card and which driver you need for it. You will have determined this using the information in the previous paragraph. | ||
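Review bot: The changed sentence in the Line 15 hunk still reads "To determine to which category your card belongs to" on the new side, with "to" doubled. Since this revision is labelled "typos", drop one of them, for example "To determine which category your card belongs to".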
Line 148: | Line 148: | ||
^ PWR | Signal strength. Some drivers don't report it | | ^ PWR | Signal strength. Some drivers don't report it | | ||
^ Beacons | ^ Beacons | ||
- | ^ Data | Number of data frames | + | ^ Data | Number of data frames |
^ CH | Channel the AP is operating on | | ^ CH | Channel the AP is operating on | | ||
^ MB | Speed or AP Mode. 11 is pure 802.11b, 54 pure 802.11g. Values between are a mixture | ^ MB | Speed or AP Mode. 11 is pure 802.11b, 54 pure 802.11g. Values between are a mixture | ||
Line 159: | Line 159: | ||
^ STATION | ^ STATION | ||
^ PWR | Signal strength. Some drivers don't report it | | ^ PWR | Signal strength. Some drivers don't report it | | ||
- | ^ Packets | + | ^ Packets |
^ Probes | ^ Probes | ||
Line 188: | Line 188: | ||
For more information about [[aircrack-ng]] parameters, description of the output and usage see the [[aircrack-ng|manual]]. | For more information about [[aircrack-ng]] parameters, description of the output and usage see the [[aircrack-ng|manual]]. | ||
- | The number of IVs you need to crack a key is not fixed. This is because some IVs are weaker and leak more information about the key than others. Usually these weak IVs are randomly mixed in between the stonger | + | The number of IVs you need to crack a key is not fixed. This is because some IVs are weaker and leak more information about the key than others. Usually these weak IVs are randomly mixed in between the stronger |
There are some more advanced APs out there that use an algorithm to filter out weak IVs. The result is either that you can't get more than " | There are some more advanced APs out there that use an algorithm to filter out weak IVs. The result is either that you can't get more than " | ||
Line 236: | Line 236: | ||
Wait for a client to show up on the target network. Then start the attack: | Wait for a client to show up on the target network. Then start the attack: | ||
- | aireplay-ng - -arpreplay -b 00: | + | aireplay-ng --arpreplay -b 00: |
-b specifies the target BSSID, -h the MAC of the connected client. | -b specifies the target BSSID, -h the MAC of the connected client. | ||
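Review bot: The Line 236 hunk now writes the option as "--arpreplay", but DokuWiki's typography conversion turns a double hyphen in ordinary text into an en dash, which may be why the old revision had "- -arpreplay". Check that this command line sits in a preformatted block (two leading spaces or a code tag) so the rendered page shows two literal hyphens.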
Line 242: | Line 242: | ||
Now you have to wait for an ARP packet to arrive. Usually you'll have to wait for a few minutes (or look at the next chapter). | Now you have to wait for an ARP packet to arrive. Usually you'll have to wait for a few minutes (or look at the next chapter). | ||
- | If you were successfull, you'll see something like this: | + | If you were successful, you'll see something like this: |
Saving ARP requests in replay_arp-0627-121526.cap | Saving ARP requests in replay_arp-0627-121526.cap | ||
Line 253: | Line 253: | ||
When using the arp injection technique, you can use the PTW method to crack the WEP key. This dramatically reduces the number of data packets you need and also the time needed. | When using the arp injection technique, you can use the PTW method to crack the WEP key. This dramatically reduces the number of data packets you need and also the time needed. | ||
- | If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received | + | If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received |
==== The aggressive way ==== | ==== The aggressive way ==== | ||
- | Most operating | + | Most operating |
Keep your airodump-ng and aireplay-ng running. Open another window and run a [[deauthentication]] attack: | Keep your airodump-ng and aireplay-ng running. Open another window and run a [[deauthentication]] attack: | ||
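Review bot: The replay-rate sentence in the Line 253 hunk keeps "you maybe have to reduce the replay-rate" on the new side; "you may have to reduce the replay rate" reads correctly. The unchanged line above it also writes "arp injection" in lowercase while the neighbouring hunks use "ARP", so the capitalisation could be made consistent in the same pass.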
Line 273: | Line 273: | ||
====== Further tools and information ====== | ====== Further tools and information ====== | ||
- | [[http:// | + | [[http:// |
newbie_guide.txt · Last modified: 2018/11/21 23:31 by mister_x